ef8bef7d1a8ae3ba7e8eb587d183c880_JaffaCakes118 | Triage

Resubmissions

21-09-2024 10:19

240921-mcrnkaxbpa 3

21-09-2024 10:18

240921-mb4azaxble 3

21-09-2024 09:56

240921-lytjlsweka 10

Sharing

General

Target

ef8bef7d1a8ae3ba7e8eb587d183c880_JaffaCakes118
Size

407KB
MD5

ef8bef7d1a8ae3ba7e8eb587d183c880
SHA1

2dc7f3f967fd5616b866f7659cc5f748668a62cd
SHA256

4f6a14fdfe1ed27721d7e8d09e9524240f912b85a29bc6ba76f6c60508b1e09c
SHA512

5d8c5ed789c58699e7bcde0b8234193b733a415bc2a9bea7419239f120446303f969f4f08efcf8f814bbab000a9d9a542bf3d0ce8c10924d450344de5dbc4670
SSDEEP

6144:x8I0ys1egkLahZpu7LpOSQvHPFrC+2F7h+D6/OuA5qR5E6KSpb6odrF9skA8r+R:x8I0ysYdLahIlavHN+57QC53+kA68

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/MV Medi Aero IMO NO 9708966 00877 -xlxs.exe

Files

ef8bef7d1a8ae3ba7e8eb587d183c880_JaffaCakes118
.eml
MV Medi Aero IMO NO 9708966 00877 -xlxs.gz
.zip
MV Medi Aero IMO NO 9708966 00877 -xlxs.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-html-1.txt